DOD confident about online voting ballot
January 23, 2004
ARLINGTON, Va. — The Pentagon is going forward with an Internet voting pilot program for overseas registered voters, in spite of a study that points out system vulnerabilities that could taint elections or lead to cases of stolen identity.
The program, Secure Electronic Registration and Voting Experiment, or SERVE, is susceptible to cyberattacks not easily remedied by design changes or bug fixes, according to a study conducted by an independent panel of experts in computerized election security. The Pentagon’s Federal Voting Assistance Program asked for the study.
“Because the danger of successful large-scale attacks is so great, we reluctantly recommend shutting down the development of SERVE and not attempting anything like it in the future until both the Internet and the world’s home computer infrastructure have been fundamentally redesigned, or some other unforeseen security breakthroughs appear,” the authors wrote.
SERVE is available only to U.S. citizens living overseas, and only to registered voters from 50 counties in the seven states that have volunteered to be part of the online program. The states are Arkansas, Florida, Hawaii, North Carolina, South Carolina, Utah and Washington.
The program could be available for the first time for the Feb. 3 South Carolina primary.
Because SERVE is an Internet- and PC-based system, it is vulnerable to attacks from within the system as well as hackers, and problems could include denial of service, spoofing (where an attacker falsifies his point of origin), automated vote-buying, viral attacks on voter PCs and more, the authors wrote.
“The flaws are unsolvable because they are fundamental to the architecture of the Internet,” wrote David Wagner, an assistant professor of computer science at University of California at Berkeley. “Using a voting system based upon the Internet poses a serious and unacceptable risk for election fraud. It is simply not secure enough for something as serious as the election of a government official.”
Congress mandated SERVE for the 2004 election after reviewing the successful outcome of a pilot program done by the Pentagon in 2000, said Pentagon spokesman Glenn Flood.
The Pentagon is not ignoring the critics or their call to halt the program, Flood said. It just has confidence in the installed safeguards.
“We are confident this is going to be safe,” he said. “We did this on a smaller scale in 2000 and it worked. Congress wanted to know if there is a better and faster way for overseas citizens, and that’s what we’re trying to do. We feel confident in the system’s security measures in place and the protective devices we have.”
The small-scale concept pilot, called Voting Over the Internet, was an experiment, in which 84 citizens in 21 states and 11 countries returned ballots to jurisdictions in Florida, South Carolina, Texas and Utah, Flood said.
“It was successful because it worked; people voted,” Flood said. “Their votes counted, and it went fast.”
It’s not mandatory for overseas voters, who can continue to submit absentee ballots, Flood said.
“We didn’t find out about security concerns from this report. We’ve known about the concerns and that’s why we made security the No. 1 priority.”
Safeguards are in place to protect against would-be hackers, Flood said, declining to discuss the security measures.
“Why would we tip our hand and say we have X, Y and Z, so they can come back and counter X, Y and Z?”
About 6 million U.S. citizens live overseas, but Glenn does not know how many are registered voters. Registration is done at the state level and the Pentagon has not asked each state to provide a tally, he said. SERVE is expected to handle up to 100,000 votes.
Military personnel worldwide are active participants in the voting process, with an average 67 percent casting ballots for general elections, Flood said.
The report can be seen at: www.servesecurityreport.org
The SERVE program site: www.serveusa.gov
The FVAP site: www.fvap.gov